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IN THE CLAIMS: 

1 1-5 (Cancelled) 

1 6. (Previously Presented) A method for creating and maintaining a plurality of virtual 

2 servers within a server, the method comprising the steps of: 

3 partitioning resources of the server to establish an instance of each virtual server 

4 by allocating units of storage and network addresses of network interfaces of the server to 

5 each instance of the virtual server, and sharing an operating system and a file system of 

6 the server among all of the virtual servers; 

7 enabling controlled access to the resources using logical boundary checks and se- 

8 curity interpretations of those resources within the server by comparing configuration in- 

9 formation of a unit of storage requested by a particular vserver with the resources allo- 

10 cated to that particular vserver; and 

1 1 providing a virtual server context structure including information pertaining to a 

12 security domain of the virtual server. 

1 7. (Currently Amended) The method of Claim 6 wherein the step of allocating comprises 

2 the step of providing a vfstore list of the virtual server context structure, the vstore list 

3 comprising pointers to vfstore soft objects, each having a pointer that references a path to 

4 a unit of storage allocated to the vfiie fvirtual server . 
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1 8. (Previously Presented) The method of Claim 7 wherein the step of allocating further 

2 comprises the step of providing a vfnet list of the virtual server context structure, the 

3 vfnet list comprising pointers to vfhet soft objects, each having a pointer that references 

4 an interface address data structure representing a network address assigned to the virtual 

5 server. 

1 9. (Previously Presented) The method of Claim 8 wherein the step of enabling further 

2 comprises the step of performing a virtual server boundary check to verify that a virtual 

3 server is allowed to access certain storage resources of the filer. 

1 10. (Original) The method of Claim 9 wherein the step of performing comprises the step 

2 of validating a file system identifier and qtree identifier associated with the units of stor- 

3 age. 

1 11. (Previously Presented) The method of Claim 1 0 wherein the step of performing fur- 

2 ther comprises the steps of: 

3 for each request to access a unit of storage, using the identifiers to determine 

4 whether the virtual server is authorized to access the unit of storage; 

5 if the virtual server is not authorized to access the requested unit of storage, im- 

6 mediately denying the request; 

7 otherwise, allowing the request; and 

s generating file system operations to process the request. 
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1 12. (Cancelled) 



1 13. (Previously Presented) A system adapted to create and maintain a plurality of virtual 

2 servers within a server, the system comprising: 

3 a storage media configured to store information as units of storage resources, the 

4 units of storage resources allocated among each of the virtual servers; 

5 one or more network interfaces assigned one or more network address resources, 

6 the network address resources allocated among each of the virtual servers; 

7 an operating system having a file system resource adapted to perform a boundary 

8 check to verify that a request is allowed to access to certain units of storage resources on 

9 the storage media, each virtual server allowed shared access to the file system, where the 

10 boundary check is performed by comparing configuration information of a unit of storage 
i i requested by a particular vserver with the one or more units of storage resources and the 
12 one or more network address resources allocated to that particular vserver; 



13 a context data structure provided to each virtual server, the context data structure 

14 including information pertaining to a security domain of the virtual server that enforces 

15 controlled access to the allocated and shared resources; and 

16 a processing element coupled to the network interfaces and storage media, and 

n configured to execute the operating and file systems to thereby invoke network and stor- 

is age access operations in accordance with results of the boundary check of the file system. 

1 14. (Original) The system of Claim 13 wherein the units of storage resources are volumes 

2 and qtrees. 
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1 15. (Original) The system of Claim 14 further comprising a plurality of table data struc- 

2 tures accessed by the processing element to implement the boundary check, the table data 

3 structures including a first table having a plurality of first entries, each associated with a 

4 virtual server and accessed by a file system identifier (fsid) functioning as a first key into 

5 the table, each first entry of the first table denoting a virtual server that completely owns 

6 a volume identified by the fsid. 

1 16. (Original) The system of Claim 15 wherein the table data structures further include a 

2 second table having a plurality of second entries, each associated with a virtual server and 

3 accessed by a second key consisting of an fsid and a qtree identifier (qtreeid), each sec- 

4 ond entry of the second table denoting a virtual server that completely owns a qtree iden- 
s tified by the fsid and qtreeid. 

1 17. (Original) The system of Claim 16 wherein the server is a filer and wherein the vir~ 

2 tual servers are virtual filers. 

i 18.-19. (Cancelled) 

1 20. (Previously Presented) Apparatus adapted to create and maintain a plurality of virtual 

2 servers (vservers) within a server, the apparatus comprising: 

3 means for allocating dedicated resources of the server to each vserver; 
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4 means for sharing common resources of the server among all of the vservers; and means 

5 for enabling controlled access to the dedicated and shared resources using logical bound- 

6 ary checks and security interpretations of those resources within the server and for pro- 

7 viding a vserver context structure including information pertaining to a security domain 

8 of the vserver, where the logical boundary checks are performed by comparing configura- 

9 tion information of a unit of storage requested by a particular vserver with the dedicated 
so resources allocated to that particular vserver. 

i 21. -22. (Cancelled) 

1 23. (Previously Presented) A computer readable medium containing executable program 

2 instructions for creating and maintaining a plurality of virtual servers (vservers) within a 

3 filer, the executable program instructions comprising program instructions for: 

4 allocating dedicated resources of the server to each vserver; 

5 sharing common resources of the server among all of the vservers; and 

6 enabling access to the dedicated and shared resources using logical boundary 

7 checks and security interpretations of those resources within the server and providing a 
s vserver context structure including information pertaining to a security domain of the 

9 vserver, where the logical boundary checks are performed by comparing configuration 

so information of a unit of storage requested by a particular vserver with the dedicated re- 

1 1 sources allocated to that particular vserver. 

i 24.-25. (Cancelled) 
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1 26. (Previously Presented) A method for creating and maintaining a plurality of virtual 

2 servers within a server, the method comprising the steps of: 

3 allocating resources to each instance of the virtual servers of the plurality of serv- 

4 ers, the resources including units of storage and network addresses of network interfaces 

5 of the server to each instance of the virtual server; 

6 using boundary checks to access resources allocated to the virtual servers, where a 

7 particular virtual server is limited by the boundary check to only access the resources as- 
s signed to that particular virtual server, where the logical boundary checks are performed 

9 by comparing configuration information of a unit of storage requested by a particular 

10 vserver with the resources allocated to that particular vserver. 

1 27. (Previously Presented) An apparatus adapted to create and maintain a plurality of vir- 

2 tual servers within a server, comprising: 

3 means for allocating resources to each instance of the virtual servers of the plural- 

4 ity of servers, the resources including units of storage and network addresses of network 

5 interfaces of the server to each instance of the virtual server; 

6 means for using boundary checks to access resources allocated to the virtual serv- 

7 ers, where a particular virtual server is limited by the boundary check to only access the 

8 resources assigned to that particular virtual server, where the logical boundary checks are 

9 performed by comparing configuration information of a unit of storage requested by a 
so particular vserver with the resources allocated to that particular vserver. 
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1 28. (Previously Presented) A system adapted to create and maintain a plurality of virtual 

2 servers within a server, the system comprising: 

3 a storage media configured to allocate resources to each of the virtual servers of 

4 the plurality of servers, the resources including units of storage and network addresses of 
s network interfaces of the server to each instance of the virtual server network interfaces 

6 assigned one or more network address resources, the network address resources allocated 

7 among each of the virtual servers; 

s an operating system adapted to perform a boundary check to verify access to re- 

9 sources allocated to the virtual servers, where a particular virtual server is limited by the 

10 boundary check to only access the resources assigned to that particular virtual server, 

ti where the logical boundary checks are performed by comparing configuration informa- 

n tion of a unit of storage requested by a particular vserver with the resources allocated to 

B that particular vserver. 

1 29. (Previously Presented) A method for creating and maintaining one or more virtual 

2 servers within a server, comprising: 

3 allocating resources to a first virtual server of the one or more virtual servers, 

4 where the resources include one or more units of storage and at least one network address 

5 of one or more network interfaces of the server to a first virtual server of the one or more 

6 virtual servers; 

7 requesting a first unit of storage of the one or more units of storage by a first vir- 

8 tual server; and 
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9 using a boundary check to access the first unit of storage by comparing configura- 

10 tion information of the first unit of storage with resources allocated to the first virtual 
n server. 

1 30. (Previously Presented) The method of claim 29, wherein the configuration informa- 

2 tion is an inode from a requested file. 
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